HomeSecurity ArchitectureMedusa ransomware infects over 300, employing 'triple extortion' technique - The Register

Medusa ransomware infects over 300, employing ‘triple extortion’ technique – The Register

Published on

spot_img

A recent government advisory has shed light on a new tactic employed by the operators of the infamous Medusa ransomware. Instead of the usual two payments demanded from victims, one victim was coerced into making three payments, indicating a potential shift towards a triple extortion scheme. The advisory, jointly issued by the FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC), outlines the modus operandi of Medusa, a global ransomware-as-a-service operation that recruits third-party affiliates to deploy the ransomware and negotiate with victims post-encryption.

These third-party entities, referred to as “Medusa actors” or “initial access brokers,” specialize in breaching victims’ IT defenses through phishing campaigns and exploiting software vulnerabilities such as CVE-2024-1709 and CVE-2023-48788. Once the ransomware is deployed, the Medusa actors employ a double extortion strategy, demanding payments for both decrypting the data and preventing its public release. Victims are often provided with a countdown timer, indicating when their data will be exposed if the ransom is not paid.

In a disturbing development, the advisory highlights a rare incidence where a victim, after paying the ransom, was contacted by another Medusa actor claiming that the initial negotiator had embezzled the payment. The victim was then coerced into making a second payment to obtain the “true decryptor,” hinting at a possible triple extortion scheme where victims’ information is shared among multiple cybercriminals.

Despite the unethical nature of these actions, the affiliates recruited by Medusa’s operators are compensated handsomely, receiving payments ranging from $100 to $1 million to work exclusively with the RaaS crew. This financial incentive encourages the affiliates to demand multiple ransoms, ultimately benefiting the entire Medusa ecosystem.

The advisory also underscores the rising threat posed by Medusa, with at least 300 victims reported across various critical infrastructure sectors. Recent attacks on organizations such as the HCRG Care Group and Gateshead Council in the UK have highlighted the far-reaching impact of Medusa ransomware, with data breaches and exorbitant ransom demands becoming commonplace.

To combat this evolving threat, the advisory recommends storing data in air-gapped locations, implementing network segmentation, utilizing multi-factor authentication, and maintaining prompt patching practices. By following these guidelines, organizations can strengthen their defenses against Medusa and mitigate the risk of falling victim to this malicious ransomware operation.

Source link

Latest articles

Progress Urges ShareFile Shutdown Due to Credible Threat

Honeypot Records Exploitation Attempt Against Flaw Patched Earlier This Year In a significant security alert,...

RabbitMQ Vulnerabilities Expose OAuth Secrets and Risk Complete Broker Takeover

Critical Vulnerability in RabbitMQ Fixed: High Severity Update Required A significant security vulnerability in RabbitMQ...

Attackers Use MCP Recon and Cloud Metadata SSRF to Steal Service Account Tokens

Expanding Horizons: The Rising Threat of AI-Focused Reconnaissance In the ever-evolving landscape of internet security,...

Jurassic Park, Cybersecurity, and the Perilous Illusion of Control

Resilience has become a pivotal concern for businesses today, evolving beyond mere compliance to...

More like this

Progress Urges ShareFile Shutdown Due to Credible Threat

Honeypot Records Exploitation Attempt Against Flaw Patched Earlier This Year In a significant security alert,...

RabbitMQ Vulnerabilities Expose OAuth Secrets and Risk Complete Broker Takeover

Critical Vulnerability in RabbitMQ Fixed: High Severity Update Required A significant security vulnerability in RabbitMQ...

Attackers Use MCP Recon and Cloud Metadata SSRF to Steal Service Account Tokens

Expanding Horizons: The Rising Threat of AI-Focused Reconnaissance In the ever-evolving landscape of internet security,...